[Qualcomm feedback] Chapter 6.1.1. Clarify when devices are in TCB of TVMs

riscv-non-isa / riscv-ap-tee

This repo holds the work area and revisions of the non-ISA specification created by the RISC-V AP-TEE TG. This specification defines the programming interfaces (ABI) to support the Confidential VM Extension (CoVE) confidential computing architecture for RISC-V application-processor platforms.

https://jira.riscv.org/browse/RVG-76

Creative Commons Attribution 4.0 International

49 stars 19 forks source link

[Qualcomm feedback] Chapter 6.1.1. Clarify when devices are in TCB of TVMs #59

Closed rsahita closed 6 months ago

rsahita commented 7 months ago

Reference: link

Table 1 in chapter 6 row for TVM <-> Directly assigned, TEE-IO compliant devices

There may also be non TEE-IO compliant devices assigned to a TVM (e.g. non-PCIe onchip devices).

rsahita commented 7 months ago

That is not the case - if a device is allowed to directly DMA from confidential memory (which is assigned to a TVM), it has to be a TEE-IO capable device (even for non-PCIe onchip devices) -- though the TEE-IO requirements for on-chip devices may be a lower bar (for e.g. no link encryption/integrity may be required)

rsahita commented 6 months ago

closing this one (explanation in the prev. comment). cc @ozkoyuncu